CVE-2023-49095

nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
GitHub_MCNA
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
nexryainexkey
𝑥
< 12.122.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/nexryai/nexkey/commit/b96da0eac5a1e75abba94cf926f1251842829bab
https://github.com/nexryai/nexkey/security/advisories/GHSA-fpxw-rw9v-2gmx
https://github.com/nexryai/nexkey/commit/b96da0eac5a1e75abba94cf926f1251842829bab
https://github.com/nexryai/nexkey/security/advisories/GHSA-fpxw-rw9v-2gmx